Cybercrime, Formbook campaign via rtf from China
The “AWD-20-971-JA04Q7.doc” attachment of the “Рuгсhasе Огdег #AWD-20-971-JA04Q7” email, exploiting a vulnerability, contacts a link and downloads an exe: the malware.
Cybercrime, Formbook hidden in a fake purchase order from Zimbabwe
The gz attachment of the “ORDER 0736449574 ZWL0106245448” email contains an exe file: the malware.
Cybercrime, false DHL invoice baits for a Formbook campaign
The gz attachment of the email with the subject "COMMERCIAL INVOICE, BILL OF LADING, ETC DOC" contains an exe file: the malware.
Cybercrime, Formbook passes from the UAE and a purchase order
The gz attachment of the email contains an exe file: the malware.
Cybercrime, RFQ from Thailand via China carries Formbook
The email gz attachment contains an exe file: the malware.
Cybercrime, double failed malware campaign via PO
The emails contain an xls which, using the Equation Editor, contacts a url and downloads the final payload. However, the exe is unreachable.
Cybercrime, double Formbook campaign via SWIFT transaction from Ziraat Bank
Two emails have the same .7z attachment that contains an exe file: the malware.
Cybercrime, complex Formbook campaign via Libyan oil companies
The email contains 5 attachments: 4 images and a pdf. By activating the latter, you are asked to open a link that downloads an exe: the malware.
Cybercrime, Formbook conveyed via false hotel booking
The email rar attachment contains an exe file: the malware.
Cybercrime, multi-malware campaign via fake purchase order
The xls attachment of the email first downloaded Putty and now Formbook. It is not excluded that it is targeted.